Description
Who doesn't love cookies? Try to figure out the best one. http://mercury.picoctf.net:27177/
Hints - none
Step-1: After opening the site, I input snickerdoodle into the search textbox, which led me to a display page saying "I love snickerdoodles!"
Step-2: I inspected the page and found that the cookie value is set to 0. So, I intercepted the request with Burp Suite and changed the cookie value randomly, which resulted in different outputs.
Step-3: Then, I sent the request to Intruder and brute forced the page with cookie values 1-20.
Step-4: Finally, for cookie value 18 we get our flag in the response token.
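The steps above work because the server trusts a small integer held in the cookie. The following added example (not code from the challenge or this writeup) contrasts that pattern with an HMAC-signed cookie that rejects an edited value; the item list, secret and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the challenge's real item list is not on the page.
ITEMS = [f"cookie-{i}" for i in range(18)] + ["FLAG_PLACEHOLDER"]
SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to the client


def render_unsigned(cookie_value: str) -> str:
    """Weak pattern: the client-supplied integer is trusted as an index."""
    try:
        idx = int(cookie_value)
    except ValueError:
        return "invalid"
    return ITEMS[idx] if 0 <= idx < len(ITEMS) else "invalid"


def _tag(index_text: str) -> str:
    return hmac.new(SECRET, index_text.encode(), hashlib.sha256).hexdigest()


def issue_signed(idx: int) -> str:
    """Hardened pattern: bind the index to an HMAC tag before sending it."""
    return f"{idx}.{_tag(str(idx))}"


def render_signed(cookie_value: str) -> str:
    """Reject any cookie whose tag does not match the index it carries."""
    index_text, sep, tag = cookie_value.partition(".")
    if not sep:
        return "invalid"
    # Constant-time comparison on bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(tag.encode(), _tag(index_text).encode()):
        return "invalid"
    return render_unsigned(index_text)


if __name__ == "__main__":
    print(render_unsigned("0"), render_unsigned("18"))   # any edited value is accepted
    good = issue_signed(0)
    forged = "18." + good.split(".", 1)[1]               # index edited, old tag reused
    print(render_signed(good), render_signed(forged))    # edited value is rejected
```

Signing only stops tampering with a value the server issued; whether a given user may see a given item still has to be decided server-side.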